Personal health records, what's next?

Friday, 16 May 2008 04:00
Dr. Hazem El-Oraby

Personal health records are in the spotlight at center stage now that two technology giants—Microsoft and Google—have both launched high-profile projects to support PHRs. The debate on what long-term role — if any — PHRs will play in improving the quality of health care while cutting costs is intensifying. Some observers suggest all the hype about PHRs is extremely premature, given that the vast majority of doctors’ offices don’t yet have their own patients’ records automated. PHR proponents, however, say consumers are demanding better access to data, and even a partial PHR is better than nothing. Privacy advocates are declaring “not so fast” as they point out that Microsoft, Google and a growing list of other technology vendors are not “covered entities” under HIPAA and thus cannot be held accountable for complying with this federal law’s data privacy and security rules. They are cautioning consumers to take an extremely close look before they leap into PHRs from these vendors. Howard J. Anderson from Health Data Management discusses this issue....

A broad array of players, even including some technology vendors, are advocating expansion of HIPAA or passage of new federal regulations to ensure that PHRs are secure and the data they contain remains private. Meanwhile, the end point—the “ultimate PHR,” if you will—is far from clear. Many observers have concluded that we’ll likely wind up with several PHR models from which consumers can pick and choose. For now, some PHR projects are leveraging communitywide health information exchanges or a health record bank (see sidebar). Others are tethered to data from a single integrated delivery system. And some are initiated by employers. For now, it’s difficult to assess whether PHRs ultimately will prove to be a passing fad or a ubiquitous technology.

A Definition?

Representatives from every health care sector continue to debate how a PHR should be defined. But there’s a growing consensus that, ideally, personal health records should somehow gather data from multiple sources, including, for example, the electronic health records of physicians and hospitals, the medication records of pharmacies, the test results from labs, the claims data from payers, and the patient’s own notes, such as information about their blood sugar levels or weight changes.

Realizing this ideal, interoperable, all-encompassing vision of a PHR will be a huge challenge. For now, most PHRs remain in the very earliest stages, with hundreds of models for how they should be assembled. Google, Microsoft and a few other technology firms envision providing a national platform that consumers can use to store PHR data, often also using technologies from PHR vendors.

Meanwhile, some consumers are simply filling out electronic forms on their own and carrying them around on USB flash drives or storing them on their computers at home. “We don’t know enough at this point to know which PHR model will prove best,” says Margret Amatayakul, president at Margret\A Consulting LLC, a Schaumburg, Ill.-based firm specializing in electronic records. “A lot more physician offices need their own EHRs before they start having a PHR that they’re supposed to rely on for information.” Likewise, Robert Cothren, director of the clinical information systems practice at Northrup Grumman Corp., Los Angeles, says the value of PHRs to most consumers has yet to be well-demonstrated. “Until EHRs are more widespread and physicians are more integrated with other providers and are sharing electronic information, PHRs don’t have a great deal of value,” he argues. The consultant for the systems integration firm says the industry has yet to carefully articulate the business case for PHRs.

A Revolution In The Making?

In contrast, PHR advocates say an all-encompassing, longitudinal record of treatment, complete with patient’s notes, could help revolutionize the culture of health care. Complete PHRs could help doctors make sure that patients receive appropriate educational materials and are reminded of the need for follow-up visits and tests, she says." Miller strongly argues that waiting until all doctors use EHRs in their practices before moving toward PHRs is impractical. “Essentially we are living in a market where consumers have become interested in personal health records and will drive the development and use of PHRs.” Another PHR advocate argues that EHRs are an essential, basic building block of PHRs. " " Stacy Kahn, M.D., co-owner of the three-physician Fox Prairie Medical Group in St. Charles, Ill., contends that some sort of patient data repository is needed to gather electronic records from hospitals, clinics and other sources. But she acknowledges that building the mechanisms to make that happen will take time, so providers must take baby-steps toward full-blown PHRs. Just as she would never send a patient’s full paper record to a specialist, so too Kahn says she tailors electronic documents to the specialist’s needs, rather than sending the full EHR. “I want a standard that allows me to communicate electronically with disparate providers and ultimately my patient,” she says. “The real promise of PHRs is that they enable data sharing in a way that fulfills the whole notion of balancing privacy, security and access to information,” says Martin, director of health information convergence for the life sciences practice at BearingPoint, a McLean, Va.-based consulting firm.

The Privacy Debate

The biggest potential risks for consumers involve misuse of PHRs by insurers or employers, says Pam Dixon, executive director at the World Privacy Forum, a San Diego-based public interest research group. For example, an HMO potentially could use data in a PHR as grounds for denying enrollment or coverage of a condition, she says. Or an employer might decide against hiring someone if they discover in a PHR that the potential employee has a costly chronic disease. One of Dixon’s biggest concerns is that companies offering PHRs or platforms for the records—including Microsoft and Google — are not “covered entities” under HIPAA. Although these companies tout their tough security policies, “no matter how good a privacy policy is, it can be changed tomorrow, and that’s not strong enough protection for health care files.” Microsoft Corp. conducted extensive consumer research that confirmed the biggest concern about PHRs is privacy, says Grad Conn, senior director, product marketing, for the Redmond, Wash.-based company’s health solutions group. When asked who they trust to store their health data, consumers ranked Johns Hopkins Medicine first, while Microsoft tied with the Mayo Clinic for second place, he says. Even some PHR vendors are calling for tougher federal regulations to govern their business. NoMoreClipboard.com assures its clients that it adheres to HIPAA guidelines and doesn’t share data without consumer’s consent, says Jeff Donnell, vice president of marketing. Expanding HIPAA or enacting other federal regulations would be beneficial to vendors and consumers alike, he stresses. “PHR vendors should clearly, simply and concisely list their security, privacy a data usage policies in language that consumers can understand,” says Miller of University Hospitals. “And there should be third-party validation that they are complying with their own terms and conditions.” Miller chairs the PHR steering committee of the Healthcare Information and Management Systems Society.

Employer consortium pushes PHRs

A consortium of eight large employers, including Wal-Mart Stores Inc., is slowly moving forward with plans to provide their employees with personal health records.

The Dossia employer consortium, based in Portland, Ore., is testing aspects of the infrastructure, linking data from insurers, pharmacies and other sources to a central repository, says Colin Evans, president. Dossia will approach dozens of provider organizations in the cities where most of its members’ employees work to begin building links to their electronic health records systems.

By the third quarter, Dossia plans to move to the next phase, when employers will roll out the full PHR to subsets of their employees, such as those in certain cities, Evans says. The PHRs will be offered to all 5 million employees, dependents and retirees of sponsoring companies, in phases, starting late this year or early next year, he adds. Evans stresses that Indivo is an open source platform and that Dossia’s enhancements will also be provided to others in an open source environment. Dossia is a not-for-profit organization.

In addition to Wal-Mart, consortium members are BP America, Intel Corp., Pitney Bowes, AT&T Inc., Cardinal Health and sanofi-aventis. Each is providing $1.5 million in startup funds and later will pay annual transaction fees for each employee.

“Their motivation is economic,” Evans says. “Most employers see health care costs exploding beyond their ability to control it. We want to get as many employers as possible together to provide the tools to empower employees to become better users of health care.”

Employees will be able to designate which providers can see specific data within their PHR. They will not be able to delete any data, but can add comments to it, Evans says. They’ll also be able to enter information on their conditions. Much like the new efforts of Microsoft and Google, Dossia is creating a broad platform for central storage of PHR data. The consortium expects to work with various PHR vendors and charge them a fee for transactions through Dossia. “One reason for the very low adoption of PHRs so far is that nobody wants to enter the data themselves,” Evans contends. “We expect we could easily empower a lot of the PHR applications now available that haven’t gotten very far.”

HIE opts for free health records bank

After extensive market research, the Louisville (Ky.) Health Information Exchange is adopting the health record bank model for assembling personal health records. But unlike some other organizations experimenting with the model that are charging consumers a monthly fee, this HIE will offer the service free to consumers, providers and payers, says Judah Thornewill, acting executive director.

To fund the effort, the organization will seek grants and solicit donations from participating providers, payers and other organizations, as well as consumers, Thornewill says.

“We think we can build a sustainable business in this way,” he adds. Thornewill estimates startup costs alone will amount to more than $4 million.

Market research determined that physicians and hospitals would not support a PHR project unless a majority of their patients were using one platform, Thornewill says. And consumers expressed serious concerns about the trustworthiness of PHRs, leading organizers to conclude that it was essential that all players serving the area’s 1.2 million residents, including providers, private insurers, Medicaid and employers, must participate.

“Money is the root of all evil when it comes to breaking trust,” Thornewill says. “To build maximum trust, you cannot have a system that’s supposed to save a patient’s life in an emergency, yet charges a fee and turns off service if they don’t pay.”

The HIE’s board, which includes many of the likely participants in the records bank, expects to approve a business plan this month. Then it will begin assessing technology providers, followed by aggressive fundraising in the summer and fall, Thornewill says. If all goes well, a vendor will be selected in early 2009 and a pilot will begin by the following summer.

The records bank will be fed by data from a wide variety of sources, Thornewill says. Consumers, who will control access to their data, will be able to use mobile phones as well as the Internet to view their PHRs. They’ll sign up for the program at their physician’s office or a hospital as part of the usual registration process.